shaf 1.6.1 → 2.0.0

data/lib/shaf/generator/templates/api/policy.rb.erb

@@ -8,9 +8,9 @@ class <%= policy_class_name %> < BasePolicy
 
   <%= attributes.join("\n  ") %>
 
-  link :collection
+  link :collection, :up, :proflie
 
-  link :'create-form', :'edit-form', :delete do
+  link :create_form, :edit_form, :delete do
     write?
   end
 

data/lib/shaf/generator/templates/api/profile.rb.erb

@@ -0,0 +1,16 @@
+module Profiles
+  class <%= profile_class_name %> < Shaf::Profile
+    name '<%= profile_name %>'
+
+    doc 'FIXME: replace this with a description of the <%= profile_name %> profile'
+
+    use :delete, from: Shaf::Profiles::ShafBasic
+
+  <% attributes.each do |name, type| %>
+    attribute :<%= name %>,
+              type: '<%= type %>',
+              doc: 'FIXME: Write documentation for <%= name %>'
+
+  <% end %>
+  end
+end

data/lib/shaf/generator/templates/api/serializer.rb.erb

@@ -6,9 +6,9 @@ class <%= class_name %> < BaseSerializer
   model <%= model_class_name %>
   policy <%= policy_class_name %>
 
-  <%= print_nested(attributes_with_doc) %>
+  <%= print(profile_with_doc) %>
 
-  <%= print_nested(curies_with_doc) %>
+  <%= print_nested(attributes_with_doc) %>
 
   <%= print_nested(links_with_doc) %>
 

data/lib/shaf/generator/templates/spec/integration_spec.rb.erb

@@ -14,8 +14,7 @@ describe <%= model_class_name %>, type: :integration do
   end
 
   it "lists all <%= plural_name %>" do
-    <%= model_class_name %>.create
-    <%= model_class_name %>.create
+    2.times { <%= model_class_name %>.create }
 
     get <%= plural_name %>_uri
     _(status).must_equal 200

data/lib/shaf/generator/templates/spec/serializer_spec.rb.erb

@@ -15,8 +15,8 @@ describe <%= class_name %> do
     end
 
     it "serializes attributes" do
-<% attributes.each do |attr| -%>
-      _(attributes.keys).must_include(<%= attr %>)
+<% attribute_names.each do |attr| -%>
+      _(attributes.keys).must_include(:<%= attr %>)
 <% end -%>
     end
 
@@ -33,13 +33,13 @@ describe <%= class_name %> do
     end
 
     it "serializes attributes" do
-<% attributes.each do |attr| -%>
-      _(attributes.keys).must_include(<%= attr %>)
+<% attribute_names.each do |attr| -%>
+      _(attributes.keys).must_include(:<%= attr %>)
 <% end -%>
     end
 
     it "serializes links" do
-<% links.each do |rel| -%>
+<% link_relations.each do |rel| -%>
       _(link_rels).must_include(:'<%= rel %>')
 <% end -%>
     end

data/lib/shaf/helpers.rb

@@ -3,6 +3,8 @@ require 'shaf/helpers/json_html'
 require 'shaf/helpers/paginate'
 require 'shaf/helpers/payload'
 require 'shaf/helpers/http_header'
+require 'shaf/helpers/authentication'
+require 'shaf/helpers/vary'
 
 module Shaf
   def self.helpers
@@ -12,6 +14,8 @@ module Shaf
       Paginate,
       Payload,
       HttpHeader,
+      Authentication,
+      Vary,
     ]
   end
 end

data/lib/shaf/helpers/authentication.rb

@@ -0,0 +1,79 @@
+# frozen_string_literal: true
+
+require 'set'
+require 'shaf/authenticator'
+require 'shaf/errors'
+
+module Shaf
+  module Authentication
+    class NoChallengesError < Error
+      def initialize(realm)
+        super("No Authentication challenges for realm: #{realm.inspect}")
+      end
+    end
+
+    class RealmChangedError < Error
+      def initialize(from:, to:)
+        super <<~ERR
+          Realm was changed from "#{from}" to "#{to}". This is not allowed!
+          Each request corresponds to a certain realm and cannot be changed.
+          This is probably caused by a call to `current_user` using the
+          default realm (from `Shaf::Settings.default_authentication_realm`)
+          and then using `#authenticate realm: 'some_other_realm'
+        ERR
+      end
+    end
+
+    def www_authenticate(realm: Settings.default_authentication_realm)
+      challenges = Authenticator.challenges_for(realm: realm)
+      raise NoChallengesError.new(realm) if challenges.empty?
+
+      headers 'WWW-Authenticate' => challenges.map(&:to_s)
+    end
+
+    def authenticate(realm: Settings.default_authentication_realm)
+      if defined?(@current_realm) && @current_realm&.to_s != realm&.to_s
+        raise RealmChangedError.new(from: @current_realm , to: realm)
+      else
+        @current_realm = realm
+      end
+
+      current_user.tap do |user|
+        www_authenticate(realm: realm) unless user
+      end
+    end
+
+    def authenticate!(realm: Settings.default_authentication_realm)
+      user = authenticate(realm: realm)
+      return user if user
+
+      msg = +"Unauthorized action"
+      msg << " (Realm: #{realm})" if realm
+      raise Shaf::Errors::UnauthorizedError, msg
+    end
+    alias current_user! authenticate!
+
+    def authenticated?
+      !current_user.nil?
+    end
+
+    def current_user
+      unless defined? @current_realm
+        if Settings.key? :default_authentication_realm
+          @current_realm = Settings.default_authentication_realm
+        else
+          Shaf.logger.info <<~MSG
+            No realm has been provided!
+            Authentication/authorization cannot be performed. Did you perhaps
+            forget to configure a realm in
+            `Settings.default_authentication_realm` or provide it when calling
+            `#authenticate!` (or `#authenticate!`)
+          MSG
+          return
+        end
+      end
+
+      @current_user ||= Authenticator.user(request.env, realm: @current_realm)
+    end
+  end
+end

data/lib/shaf/helpers/payload.rb

@@ -2,50 +2,32 @@
 
 require 'set'
 require 'shaf/responder'
+require 'shaf/parser'
+require 'shaf/errors'
 
 module Shaf
   module Payload
-    EXCLUDED_FORM_PARAMS = ['captures', 'splat'].freeze
     NO_VALUE = Object.new.freeze
 
     private
 
     def payload
-      @payload ||= parse_payload
-    end
-
-    def read_input
-      request.body.rewind
-      request.body.read
-    ensure
-      request.body.rewind
+      return @payload if defined? @payload
+      @payload = parse_payload
     end
 
     def parse_payload
-      if request.env['CONTENT_TYPE'] == 'application/x-www-form-urlencoded'
-        return params.reject { |key, _| EXCLUDED_FORM_PARAMS.include? key }
-      end
+      return unless Parser.input? request
 
-      input = read_input
-      return {} if input.empty?
+      parser = Parser.for(request)
+      raise Errors::UnsupportedMediaTypeError.new(request: request) unless parser
 
-      raise raise_unsupported_media_type_error(request) unless suported_media_type?
-
-      JSON.parse(input, symbolize_names: true)
-    rescue Errors::UnsupportedMediaTypeError
-      raise
-    rescue StandardError => e
+      log.debug "Parsing input using: #{parser.class}"
+      parser.call
+    rescue Parser::Error => e
       raise Errors::BadRequestError, "Failed to parse input payload: #{e.message}"
     end
 
-    def suported_media_type?
-      request.env['CONTENT_TYPE'].match? %r{\Aapplication/(hal\+)?json}
-    end
-
-    def raise_unsupported_media_type_error(request)
-      raise Errors::UnsupportedMediaTypeError.new(request: request)
-    end
-
     def safe_params(*fields)
       return {} unless payload
 
@@ -58,10 +40,6 @@ module Shaf
       end
     end
 
-    def ignore_form_input?(name)
-      name == '_method'
-    end
-
     def profile(value = NO_VALUE)
       return @profile if value == NO_VALUE
       @profile = value
@@ -86,15 +64,17 @@ module Shaf
       kwargs[:profile] ||= profile
 
       log.info "#{request.request_method} #{request.path_info} => #{status}"
-      payload = Responder.for(request, resource).call(self, resource, preload: preload, **kwargs)
+      responder = Responder.for(request, resource)
+      payload = responder.call(self, resource, preload: preload, **kwargs)
       add_cache_headers(payload, kwargs)
-
       payload
     rescue StandardError => err
       log.error "Failure: #{err.message}\n#{err.backtrace}"
       if status == 500
         content_type mime_type(:json)
         body JSON.generate(failure: err.message)
+      elsif err.is_a? Errors::ServerError
+        respond_with(err)
       else
         respond_with(Errors::ServerError.new(err.message))
       end

data/lib/shaf/helpers/vary.rb

@@ -0,0 +1,8 @@
+module Shaf
+  module Vary
+    def vary(*varying)
+      current = headers['Vary']
+      headers('Vary' => [current, *varying].compact.join(','))
+    end
+  end
+end

data/lib/shaf/logger.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+module Shaf
+  class << self
+    attr_writer :logger
+
+    def log
+      @logger ||= Logger.new('/dev/null')
+    end
+    alias logger log
+  end
+end

data/lib/shaf/parser.rb

@@ -0,0 +1,65 @@
+# frozen_string_literal: true
+
+require 'set'
+
+module Shaf
+  module Parser
+    class Error < StandardError; end
+
+    INPUT_BODY = 'shaf.input_body'
+
+    class << self
+      def register(parser)
+        parsers << parser
+      end
+
+      def unregister(parser)
+        parsers.delete(parser)
+      end
+
+      def input?(request)
+        !!input(request)
+      end
+
+      def for(request)
+        clazz = parser_for(request)
+        return unless clazz
+
+        body = input(request)
+        clazz.new(request: request, body: body)
+      end
+
+      private
+
+      def parser_for(request)
+        parsers.find do |parser|
+          parser.can_handle? request
+        end
+      end
+
+      def parsers
+        @parsers ||= Set.new
+      end
+
+      def input(request)
+        body = request.get_header(INPUT_BODY)
+        body ||= read_input(request).tap do |b|
+          request.set_header(INPUT_BODY, b)
+        end
+
+        body unless String(body).strip.empty?
+      end
+
+      def read_input(request)
+        request.body.rewind
+        request.body.read
+      ensure
+        request.body.rewind
+      end
+    end
+  end
+end
+
+require 'shaf/parser/base'
+require 'shaf/parser/json'
+require 'shaf/parser/form_data'

data/lib/shaf/parser/base.rb

@@ -0,0 +1,44 @@
+module Shaf
+  module Parser
+    class Base
+      class << self
+        def inherited(child)
+          Parser.register(child)
+          super
+        end
+
+        def mime_type(type = nil, value = nil)
+          if type
+            @mime_type = type
+            @mime_type = Sinatra::Base.mime_type(type, value) if type.is_a? Symbol
+          end
+
+          @mime_type if defined? @mime_type
+        end
+
+        def can_handle?(request)
+          mime_type == request.content_type
+        end
+
+      end
+
+      attr_reader :request, :body
+
+      def initialize(request:, body:)
+        @request = request
+        @body = body
+      end
+
+      def call
+        raise NotImplementedError, "#{self.class} must implement #call"
+      end
+
+      private
+
+      def mime_type
+        self.class.mime_type
+      end
+    end
+  end
+end
+

data/lib/shaf/parser/form_data.rb

@@ -0,0 +1,15 @@
+module Shaf
+  module Parser
+    class FormData < Base
+      def self.can_handle?(request)
+        request.form_data? || request.parseable_data?
+      end
+
+      def call
+        request.POST.tap do |data| # Returns form params from Rack::Request
+          data.delete '_method' # If the method override hack is used remove the _method key
+        end
+      end
+    end
+  end
+end

data/lib/shaf/parser/json.rb

@@ -0,0 +1,26 @@
+module Shaf
+  module Parser
+    class Json < Base
+
+      mime_type :json, 'application/json'
+
+      def self.can_handle?(request)
+        request.content_type&.match? %r{application/(.*\+)?json}
+      end
+
+      def call
+        @payload ||= parse_json
+      end
+
+      private
+
+      def parse_json
+        return {} if body.empty?
+
+        JSON.parse(body, symbolize_names: true)
+      rescue JSON::ParserError => e
+        raise Error, e.message
+      end
+    end
+  end
+end